
Lazarus APT group examined

ZDNet reports that the North Korean state-sponsored hacking group Lazarus has not only been conducting social engineering attacks on LinkedIn but has also been targeting U.S. defense contractors through WhatsApp and deploying the malicious LCPDot downloader. A recent Lazarus campaign involved impersonating Lockheed Martin employees on LinkedIn to lure targets into downloading documents from a website spoofing a government and defense recruitment site, an NCC Group report revealed. "In order to subvert security controls in the recent changes made by Microsoft for Office macros, the website hosted a ZIP file which contained the malicious document," said NCC Group. Meanwhile, an LCPDot downloader variant examined by researchers was found to receive and decrypt payloads once a compromised host is registered with a command-and-control server. The findings come after the $600 million Axie Infinity hack in March was attributed to Lazarus. In March, Google also reported a widespread Lazarus campaign targeting the media and tech industries.
